
Unable to revert back to default keyring

The trust point (CERTSRV) was deleted without first deleting the keyring (CERTSRV).

I would like to utilize the default keyring and delete the CERTSRV keyring, but I'm unable to.

I tried the commands below, but I get the error that the CERTSRV keyring is in use.

Any suggestions?

 

UCSM-B /security # show keyring
Name RSA key modulus Trustpoint CA
--------------- --------------- -------------
CERTSRV Mod2048 CERTSRV
default Mod2048
UCSM-B /security # delete keyring CERTSRV
UCSM-B /security* # commit-buffer
Error: Update failed: [Cannot delete a keyring-CERTSRV that is in use]
UCSM-B /security* # scope security
UCSM-B /security* # scope keyring default
UCSM-B /security/keyring* # set modulus mod2048
UCSM-B /security/keyring* # set regenerate yes
UCSM-B /security/keyring* # commit-buffer
Error: Update failed: [Cannot delete a keyring-CERTSRV that is in use]

Cisco Employee

It is possible that HTTP is using the keyring, thus you cannot delete it.

You can change it here:

Step 1    In the Navigation pane, click the Admin tab.
Step 2    On the Admin tab, expand All > Communication Management > Communication Services.
Step 3    Select the Communication Services tab.
Step 4    In the HTTPS area, click the enabled radio button.
          The HTTPS area expands to display the available configuration options.
Step 5    Under the Key Ring drop-down list, select a different key ring.
Step 6    Delete the keyring from the key ring management
https://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/ucs-manager/GUI-User-Guides/Admin-Management/3-1/b_Cisco_UCS_Admin_Mgmt_Guide_3_1/b_Cisco_UCS_Admin_Mgmt_Guide_3_1_chapter_0110.html

I hope this helps you.

Regards,
Carlos

 

Cisco Employee

Daniel,

 

I think part of the problem here is that the change wasn't committed (as it failed), but it's still present as an uncommitted change.

We can see this is the case as you still have the '*' symbol present even when you scope into the default keyring.

 

If you open a new session without any uncommitted changes, are you able to generate the default keyring?

 

--

Niko
